Merge pull request #16861 from michaelnebel/modelgen/sourcesinklift

C#/Java: Do not lift source and sink models.

Author: michaelnebel

csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll

@@ -38,7 +38,9 @@ class DataFlowSourceTargetApi = SourceTargetApi;
 class DataFlowSinkTargetApi = SinkTargetApi;
 
 private module ModelPrintingInput implements ModelPrintingSig {
-  class Api = TargetApiBase;
+  class SummaryApi = DataFlowSummaryTargetApi;
+
+  class SourceOrSinkApi = SourceOrSinkTargetApi;
 
   string getProvenance() { result = "df-generated" }
 }

csharp/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll

@@ -112,38 +112,41 @@ predicate isUninterestingForDataFlowModels(CS::Callable api) { isHigherOrder(api
 predicate isUninterestingForTypeBasedFlowModels(CS::Callable api) { none() }
 
 /**
- * A class of callables that are potentially relevant for generating summary and
- * neutral models.
+ * A class of callables that are potentially relevant for generating source or
+ * sink models.
  */
-class SummaryTargetApi extends TargetApiBase {
-  SummaryTargetApi() { not hasManualSummaryModel(this.lift()) }
+class SourceOrSinkTargetApi extends Callable {
+  SourceOrSinkTargetApi() { relevant(this) }
 }
 
 /**
  * A class of callables that are potentially relevant for generating sink models.
  */
-class SinkTargetApi extends TargetApiBase {
-  SinkTargetApi() { not hasManualSinkModel(this.lift()) }
+class SinkTargetApi extends SourceOrSinkTargetApi {
+  SinkTargetApi() { not hasManualSinkModel(this) }
 }
 
 /**
  * A class of callables that are potentially relevant for generating source models.
  */
-class SourceTargetApi extends TargetApiBase {
-  SourceTargetApi() { not hasManualSourceModel(this.lift()) }
+class SourceTargetApi extends SourceOrSinkTargetApi {
+  SourceTargetApi() { not hasManualSourceModel(this) }
 }
 
 /**
- * A class of callables that are potentially relevant for generating summary, source, sink
- * and neutral models.
+ * A class of callables that are potentially relevant for generating summary or
+ * neutral models.
  *
  * In the Standard library and 3rd party libraries it is the callables (or callables that have a
  * super implementation) that can be called from outside the library itself.
  */
-class TargetApiBase extends Callable {
+class SummaryTargetApi extends Callable {
   private Callable lift;
 
-  TargetApiBase() { lift = liftedImpl(this) }
+  SummaryTargetApi() {
+    lift = liftedImpl(this) and
+    not hasManualSummaryModel(lift)
+  }
 
   /**
    * Gets the callable that a model will be lifted to.

csharp/ql/src/utils/modelgenerator/internal/CaptureTypeBasedSummaryModels.qll

@@ -178,7 +178,9 @@ private predicate output(Callable callable, TypeParameter tp, string output) {
 }
 
 private module ModelPrintingInput implements ModelPrintingSig {
-  class Api = TypeBasedFlowTargetApi;
+  class SummaryApi = TypeBasedFlowTargetApi;
+
+  class SourceOrSinkApi = TypeBasedFlowTargetApi;
 
   string getProvenance() { result = "tb-generated" }
 }

csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ext.yml

@@ -4,6 +4,7 @@ extensions:
       extensible: sinkModel
     data:
       - [ "Sinks", "NewSinks", False, "Sink", "(System.Object)", "", "Argument[0]", "test-sink", "manual"]
+      - [ "Sinks", "NewSinks", False, "Sink2", "(System.Object)", "", "Argument[0]", "test-sink2", "manual"]
       - [ "Sinks", "NewSinks", False, "ManualSinkAlreadyDefined", "(System.Object)", "", "Argument[0]", "test-sink", "manual"]
 
   - addsTo:

csharp/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ext.yml

@@ -4,6 +4,8 @@ extensions:
       extensible: sourceModel
     data:
       - ["Sources", "NewSources", False, "ManualSourceAlreadyDefined", "()", "", "ReturnValue", "test-source", "manual"]
+      - ["Sources", "NewSources", False, "Source1", "()", "", "ReturnValue", "source-kind-1", "manual"]
+      - ["Sources", "NewSources", False, "Source2", "()", "", "ReturnValue", "source-kind-2", "manual"]
 
   - addsTo:
       pack: codeql/csharp-all

csharp/ql/test/utils/modelgenerator/dataflow/Sinks.cs

@@ -14,7 +14,11 @@ public class NewSinks
 
     // Sink defined in the extensible file next to the test.
     // neutral=Sinks;NewSinks;Sink;(System.Object);summary;df-generated
-    public void Sink(object o) => throw null;
+    public static void Sink(object o) => throw null;
+
+    // Sink defined in the extensible file next to the test.
+    // neutral=Sinks;NewSinks;Sink2;(System.Object);summary;df-generated
+    public static void Sink2(object o) => throw null;
 
     // New sink
     // sink=Sinks;NewSinks;false;WrapResponseWrite;(System.Object);;Argument[0];html-injection;df-generated
@@ -105,6 +109,32 @@ public void ManualSinkAlreadyDefined(object o)
     {
         Sink(o);
     }
+
+    public abstract class DataWriter
+    {
+        // neutral=Sinks;NewSinks+DataWriter;Write;(System.Object);summary;df-generated
+        public abstract void Write(object o);
+    }
+
+    public class DataWriterKind1 : DataWriter
+    {
+        // sink=Sinks;NewSinks+DataWriterKind1;true;Write;(System.Object);;Argument[0];test-sink;df-generated
+        // neutral=Sinks;NewSinks+DataWriterKind1;Write;(System.Object);summary;df-generated
+        public override void Write(object o)
+        {
+            Sink(o);
+        }
+    }
+
+    public class DataWriterKind2 : DataWriter
+    {
+        // sink=Sinks;NewSinks+DataWriterKind2;true;Write;(System.Object);;Argument[0];test-sink2;df-generated
+        // neutral=Sinks;NewSinks+DataWriterKind2;Write;(System.Object);summary;df-generated
+        public override void Write(object o)
+        {
+            Sink2(o);
+        }
+    }
 }
 
 public class CompoundSinks

csharp/ql/test/utils/modelgenerator/dataflow/Sources.cs

@@ -4,6 +4,15 @@ namespace Sources;
 
 public class NewSources
 {
+    // Defined as source in the extensions file next to the test.
+    // neutral=Sources;NewSources;Source1;();summary;df-generated 
+    public static string Source1() => throw null;
+
+    // Defined as source in the extensions file next to the test.
+    // neutral=Sources;NewSources;Source2;();summary;df-generated
+    public static string Source2() => throw null;
+
+
     // New source
     // source=Sources;NewSources;false;WrapConsoleReadLine;();;ReturnValue;local;df-generated
     // neutral=Sources;NewSources;WrapConsoleReadLine;();summary;df-generated
@@ -79,4 +88,30 @@ public string ManualSourceAlreadyDefined()
     {
         return Console.ReadLine();
     }
+
+    public abstract class DataReader
+    {
+        // neutral=Sources;NewSources+DataReader;Read;();summary;df-generated
+        public abstract string Read();
+    }
+
+    public class DataReaderKind1 : DataReader
+    {
+        // source=Sources;NewSources+DataReaderKind1;true;Read;();;ReturnValue;source-kind-1;df-generated
+        // neutral=Sources;NewSources+DataReaderKind1;Read;();summary;df-generated
+        public override string Read()
+        {
+            return Source1();
+        }
+    }
+
+    public class DataReaderKind2 : DataReader
+    {
+        // source=Sources;NewSources+DataReaderKind2;true;Read;();;ReturnValue;source-kind-2;df-generated
+        // neutral=Sources;NewSources+DataReaderKind2;Read;();summary;df-generated
+        public override string Read()
+        {
+            return Source2();
+        }
+    }
 }

java/ql/src/utils/modelgenerator/internal/CaptureModels.qll

@@ -38,7 +38,9 @@ class DataFlowSourceTargetApi = SourceTargetApi;
 class DataFlowSinkTargetApi = SinkTargetApi;
 
 private module ModelPrintingInput implements ModelPrintingSig {
-  class Api = TargetApiBase;
+  class SummaryApi = DataFlowSummaryTargetApi;
+
+  class SourceOrSinkApi = SourceOrSinkTargetApi;
 
   string getProvenance() { result = "df-generated" }
 }

java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll

@@ -83,25 +83,25 @@ predicate isUninterestingForDataFlowModels(Callable api) {
 }
 
 /**
- * A class of callables that are potentially relevant for generating summary and
- * neutral models.
+ * A class of callables that are potentially relevant for generating source or
+ * sink models.
  */
-class SummaryTargetApi extends TargetApiBase {
-  SummaryTargetApi() { not hasManualSummaryModel(this.lift()) }
+class SourceOrSinkTargetApi extends Callable {
+  SourceOrSinkTargetApi() { relevant(this) }
 }
 
 /**
  * A class of callables that are potentially relevant for generating sink models.
  */
-class SinkTargetApi extends TargetApiBase {
-  SinkTargetApi() { not hasManualSinkModel(this.lift()) }
+class SinkTargetApi extends SourceOrSinkTargetApi {
+  SinkTargetApi() { not hasManualSinkModel(this) }
 }
 
 /**
  * A class of callables that are potentially relevant for generating source models.
  */
-class SourceTargetApi extends TargetApiBase {
-  SourceTargetApi() { not hasManualSourceModel(this.lift()) }
+class SourceTargetApi extends SourceOrSinkTargetApi {
+  SourceTargetApi() { not hasManualSourceModel(this) }
 }
 
 /**
@@ -112,16 +112,19 @@ class SourceTargetApi extends TargetApiBase {
 predicate isUninterestingForTypeBasedFlowModels(Callable api) { none() }
 
 /**
- * A class of callables that are potentially relevant for generating summary, source, sink
- * and neutral models.
+ * A class of callables that are potentially relevant for generating summary or
+ * neutral models.
  *
  * In the Standard library and 3rd party libraries it is the callables (or callables that have a
  * super implementation) that can be called from outside the library itself.
  */
-class TargetApiBase extends Callable {
+class SummaryTargetApi extends Callable {
   private Callable lift;
 
-  TargetApiBase() { lift = liftedImpl(this) }
+  SummaryTargetApi() {
+    lift = liftedImpl(this) and
+    not hasManualSummaryModel(lift)
+  }
 
   /**
    * Gets the callable that a model will be lifted to.

java/ql/src/utils/modelgenerator/internal/CaptureTypeBasedSummaryModels.qll

@@ -284,7 +284,9 @@ private predicate output(Callable callable, TypeVariable tv, string output) {
 }
 
 module ModelPrintingInput implements ModelPrintingSig {
-  class Api = TypeBasedFlowTargetApi;
+  class SummaryApi = TypeBasedFlowTargetApi;
+
+  class SourceOrSinkApi = Specific::SourceOrSinkTargetApi;
 
   string getProvenance() { result = "tb-generated" }
 }